Under the Radar: Encrypting Your E-Mail with GPG

Everyone knows that the internet is an awesome place. We share photos on social networks, make conversation with friends, and play games with random strangers online. While it may seem like we’re always in our private little bubble on the internet, we are not always as secure as we may think we are. By using a special encryption tool known as GPG (similar to PGP), though, there is a way to communicate with others via email without compromising your information.

Whether you’re just an everyday person or an individual trying to ensure sensitive data doesn’t fall into the wrong hands, given the nature and general insecurity of the internet, something as potentially important as e-mail should be encrypted, especially now that governments are illegally accessing our information. It is quite easy to encrypt information sent through an email; the concept behind how it is encrypted is a little harder to understand, but I’m going to try to make it easy for you.

How does GPG encryption actually work?

GPG encryption works using two things: a public key, also known as a certificate, meant to be distributed to those you would like to contact, and a private key, used to decrypt the messages created using your public key. So let’s say there is a guy named Jimmy, and I want to send him my social security number because I forgot to put it on the job application I handed him. I’d rather not just send it through a regular email, because I run the risk of someone finding the email and copying down the information. Instead, Jimmy and I each have our own public key (certificate), created using special software, which we safely exchange through regular email. Even if someone had these certificates, it wouldn’t matter, since they’re not signed on both sides by whoever is trying to read them. Now that we have exchanged certificates and signed each other’s keys, essentially confirming each other’s identities, I enter my social security number into the email and encrypt it using my public key. It’s ready for whoever is on the other side, waiting to decrypt it using their very own private key.

Setting up E-Mail Encryption using Thunderbird

If you want to set up this encryption through your email account, there are a few steps that must be taken to do so. If you’re not the kind of person that’s big on internet security or anything computer related, it’s all good because I will make this as simple as possible.

Download GPG4Win: http://www.gpg4win.org/

Start by installing GPG4Win, which will allow you to create a unique certificate to encrypt whatever you want, in this case it is emails. This package includes the encryption algorithms and the user interface that controls it. When installing, make sure only the following are checked off:

Awesome! If you’re wondering why we don’t use Claws Mail, it’s because it was poorly ported to Windows. I’ve had numerous crashing issues doing the simplest of things with it, like sending an email. Instead, we’ll just use Mozilla Thunderbird, because not only is it easier to set up, it’s a better program. Before we install Thunderbird, let’s set up our magical certificate.

While there is a way to do it within Thunderbird, I’m going to do it this way. Open up Kleopatra, the graphical user interface used to create GPG certificates. It looks a little funny, but it’s really easy to set one up. Go to File > New Certificate, or hit Ctrl+N.

You’ll now be presented with two options: “Create a personal OpenPGP key pair” or “Create a personal X.509 key pair and certification request”. Click the first option. Now put in a name and email, and if you want you can even put in a comment. These parameters are not encrypted and are publicly visible to anyone who has your public certificate. Make sure you put in your real name and the email address you will associate this with. Hit “Next”, and then “Create Key”. That’s it! You now have a unique GPG certificate. The best part about GPG4Win is that it works hand in hand with the plugin we install into Thunderbird; you don’t have to configure any settings whatsoever.

Download Mozilla Thunderbird: http://www.mozilla.com/thunderbird/

To set up Thunderbird, it’s pretty straightforward: just type in your email and it will automatically grab the server addresses associated with your account. Once your account is set up, we’re going to go ahead and download Enigmail.

Download Enigmail Thunderbird plugin: https://www.enigmail.net/download/index.php

Choose the plugin for whichever OS you have; in my case it is Windows 7. If you have a 64-bit OS, don’t worry about it. It will still work, since the Thunderbird client is a 32-bit application anyway. You’re probably wondering “what the heck is an .xpi file?” The first time I saw one I had no idea either, because it isn’t associated with any program. This file extension is used for Mozilla add-ons, for both Firefox and Thunderbird. This plugin will obviously only work in Thunderbird, though.

Now that you have the plugin downloaded, here’s what you do with it. Make sure you have Thunderbird open, and start by clicking the options button on the top right. Then choose “Add-ons”.

It will bring up a menu, and you’re just going to want to click the “Extensions” option on the left side of this menu. Now go to the folder where you downloaded the .xpi file, and drag it right into the extensions menu you opened in Thunderbird. It should prompt you to install the plugin; just wait the few seconds and accept. You’ve installed the plugin successfully!

By now you should have done four things: installed GPG4Win, set up a unique GPG certificate, installed Thunderbird, and installed the Enigmail plugin. We’re almost done! I’m just going to teach you how to send and receive encrypted emails.

Go ahead and open Thunderbird, and create a new email. Take note of the OpenPGP option at the top of the email composition window (there is also S/MIME encryption next to it, but don’t worry about that). If you click the drop-down menu for OpenPGP, you will see two options: “Sign Message” and “Encrypt Message”. The option that matters the most is “Encrypt Message”, which obfuscates the message you’re sending, making it a jumbled mess of characters. If you are curious, when you sign an email what this does is literally attach a digital signature (A.K.A. your certificate) to your email, proving that you were the one that actually sent it. It’s made for security reasons on the receiving side, and it wouldn’t hurt to activate this option. Also, if this is the first time you are sending an encrypted email to a specific person, make sure they have your public key. You can go to OpenPGP in the topmost bar and select “Attach My Public Key”; this way it will be added to their keyring.

Now let’s say they send you a message back, which is encrypted but has their certificate attached. Thunderbird should prompt you to import their certificate, and you should proceed by opening “Key Management” in the OpenPGP settings, right-clicking their imported key (if you can’t see it, make sure “Display All Keys by Default” is checked off), and signing it using your own key. So long as both parties have done this to each other’s keys, you should be able to decrypt each other’s messages.
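The key exchange from the “How does GPG encryption actually work?” section and the sign, encrypt, attach-key, import and key-signing steps above, as an added command-line example that is not the post’s own Kleopatra/Enigmail procedure. It assumes GnuPG 2.2 or later on the PATH, uses constructed names and addresses in two throwaway keyrings, and makes visible what the GUI hides: a message is encrypted to the recipient’s public key, and only the recipient’s private key opens it.

```shell
#!/bin/sh
# Added example (not from the post): two throwaway GnuPG homedirs stand in for
# the two people. Names/addresses are constructed. Needs gpg 2.2+ on the PATH.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ALICE="$WORK/alice"; JIMMY="$WORK/jimmy"
mkdir -m 700 "$ALICE" "$JIMMY"

# Run gpg as one person: own keyring, non-interactive, keys without passphrases.
gpgas() { h=$1; shift; gpg --homedir "$h" --batch --yes --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }

# Step 1: each person creates a key pair (the name/e-mail typed into Kleopatra).
make_key()    { gpgas "$1" --quick-generate-key "$2" default default never; }
# Step 2: the public half is the "certificate" that gets mailed around.
export_pub()  { gpgas "$1" --armor --export "$2"; }
import_pub()  { gpgas "$1" --import; }
# Step 3: sign the other person's key with your own (Key Management > sign key).
fingerprint() { gpgas "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }
sign_key()    { gpgas "$1" --quick-sign-key "$(fingerprint "$1" "$2")"; }
# Step 4: encrypt to the RECIPIENT's public key, sign with the SENDER's private key.
encrypt_to()  { gpgas "$1" --armor --sign --encrypt --local-user "$2" --recipient "$3"; }
decrypt_in()  { gpgas "$1" --decrypt; }

setup_keyrings() {
  make_key "$ALICE" "Alice <alice@example.test>"
  make_key "$JIMMY" "Jimmy <jimmy@example.test>"
  export_pub "$ALICE" alice@example.test | import_pub "$JIMMY"
  export_pub "$JIMMY" jimmy@example.test | import_pub "$ALICE"
  # Without these signatures gpg --batch refuses to encrypt to an unvalidated key.
  sign_key "$ALICE" jimmy@example.test
  sign_key "$JIMMY" alice@example.test
}

# Alice's message to Jimmy: only Jimmy's keyring holds a private key that opens it.
alice_sends() { printf '%s' "$1" | encrypt_to "$ALICE" alice@example.test jimmy@example.test; }
jimmy_reads() { printf '%s' "$1" | decrypt_in "$JIMMY"; }
alice_reads() { printf '%s' "$1" | decrypt_in "$ALICE"; }   # fails: she is not a recipient

if [ "${1:-}" = run ]; then
  setup_keyrings
  CT=$(alice_sends 'SSN (constructed value): 000-00-0000')
  jimmy_reads "$CT"; echo
fi
```

Run it as `sh gpg_demo.sh run` to watch Jimmy decrypt the message; the sender’s own keyring cannot open the ciphertext it produced, which is exactly why the post has you exchange and sign keys first.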

Now you’re finally done! Feel free to send all the emails you want, because nobody will ever get a hold of them without your permission.
